Conversation
There was a problem hiding this comment.
Pull request overview
This PR updates the SD-Core Helm charts to pick up a newer BESS-UPF chart and container image releases, along with a small security/compatibility adjustment to PodSecurityPolicy templating.
Changes:
- Bump
sd-corechart version to3.3.0and update thebess-upfdependency to1.5.0. - Bump
bess-upfchart version to1.5.0and update UPF image tags torel-2.3.1. - Add additional Linux capabilities to the UPF
StatefulSetand gate PSP resources on PSP API availability; update pre-commit hook revisions.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
sdcore-helm-charts/Chart.yaml |
Bumps parent chart + bess-upf dependency version. |
bess-upf/Chart.yaml |
Bumps the bess-upf chart version. |
bess-upf/values.yaml |
Updates UPF BESS + PFCP interface image tags to rel-2.3.1. |
bess-upf/templates/statefulset-upf.yaml |
Adds NET capabilities to the bessd container securityContext. |
bess-upf/templates/podsecuritypolicy-upf.yaml |
Gates PSP creation on API availability; updates allowedCapabilities list. |
bess-upf/templates/pspclusterrole-upf.yaml |
Gates PSP RBAC resource on API availability. |
bess-upf/templates/psprolebinding-upf.yaml |
Gates PSP RBAC resource on API availability. |
.pre-commit-config.yaml |
Updates pre-commit hook revisions. |
Comments suppressed due to low confidence (2)
bess-upf/templates/psprolebinding-upf.yaml:15
metadata.name: role:psp:upf(and the referencedroleRef.name: psp:upf) include:characters, which are not valid in Kubernetes resource names (RFC 1123). Enabling PSP would cause the RoleBinding to be rejected by the API server; use a DNS-compatible name (e.g. replace:with-).
metadata:
name: role:psp:upf
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: psp:upf
bess-upf/templates/pspclusterrole-upf.yaml:11
metadata.name: psp:upfcontains:characters, which are not valid in Kubernetes resource names (RFC 1123). If this chart is installed with PSP enabled, the ClusterRole will be rejected; use a DNS-compatible name (e.g.psp-upf).
kind: ClusterRole
metadata:
name: psp:upf
rules:
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
Signed-off-by: Arrobo, Gabriel <gabriel.arrobo@intel.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 4 out of 4 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
No description provided.